
HanaByte

CMMC 2.0

Cybersecurity Maturity Model Certification (CMMC 2.0) is a required certification for all businesses that are contractors of the US government’s Department of Defense (DoD), with comprehensive cybersecurity requirements built on the NIST Special Publication 800-171 self-assessment. The CMMC will require DoD contractors to implement cybersecurity protection standards for controls including access control, incident response, physical protection, and system and information integrity. The CMMC framework is designed to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) that the DoD shares with its contractors and subcontractors, based on the Maturity Level requirement. Businesses holding CUI must be at least Level 3 compliant, whereas businesses holding only FCI need only Level 1 compliance. A NIST Special Publication 800-171 self-assessment and a third-party audit are required. Many variables influence the effort required to prepare a system for audit and authorization.

HanaByte can automate and implement compliance services and can advise the organization personnel conducting a CMMC assessment prior to submission to an official third-party audit. At your option, we can coach you on selecting an audit and certification firm appropriate for your business.


CMMC 2.0 Workshops

Scope

  • Perform workshops on CMMC requirements – educating key stakeholders, technical personnel, and support teams on a variety of topics. Workshops are interactive and are used to learn more about your business  

Deliverables

  • Delivery of a variety of workshops covering CMMC Maturity Level requirements
  • Regular remote meetings to track progress, at times that best fit your schedule

Personnel

  • Security Consultant(s) will be assigned to the engagement for a flat fee

Customer Responsibilities

  • Provide access to related documentation and in-scope systems

CMMC 2.0 Advisory Services

Scope

  • Guidance in assessing your existing services and their control implementations, infrastructure, policies and procedures documentation, and training documentation against the Maturity Levels and NIST Special Publication 800-171
  • Guidance through CMMC requirements – educating key stakeholders, technical personnel, and support teams on a variety of topics

Deliverables

  • Regular meetings to counsel on CMMC processes and gaps, including Maturity Level requirements
  • Regular meetings to provide recommendations with third-party companies

Personnel

  • Security Consultant(s), billed hourly as needed for the engagement

Customer Responsibilities

  • Provide access to related documentation and in-scope systems

CMMC 2.0 Gap Assessment

Scope

  • Assessment of your existing services and their control implementations, infrastructure, policies and procedures documentation, and training documentation in order to perform a gap analysis against the Maturity Levels and NIST Special Publication 800-171
  • Creation of a report with a detailed roadmap of efforts with regard to people, processes, and technology, with recommendations for all unmet requirements

Deliverables

  • Detailed readiness assessment, including review of your environment, information security policies, procedures, personnel, and controls
  • Remediation plan with detailed steps to resolve gaps within a feasible timeline, and regular meetings to track progress

Personnel

  • Security Consultant(s), billed 5 full days per week for the engagement
  • Expected turnaround time for the CMMC gap assessment engagement is 6-8 weeks, depending on the Maturity Level required

Customer Responsibilities

  • Provide access to related documentation and in-scope systems

CMMC 2.0 Launch

Scope

  • Assessment of your existing services and their control implementations, infrastructure, policies and procedures documentation, and training documentation in order to perform a gap analysis against the Maturity Levels and NIST Special Publication 800-171
  • Perform workshops on CMMC requirements – educating key stakeholders, technical personnel, and support teams on a variety of topics. Workshops are interactive and are used to learn more about your business
  • Creation of a report with a detailed roadmap of efforts with regard to people, processes, and technology, with recommendations for all unmet requirements

Deliverables

  • Detailed readiness assessment, including review of your environment, information security policies, procedures, personnel, and controls
  • Delivery of a variety of workshops covering CMMC Maturity Level requirements
  • Remediation plan with detailed steps to resolve gaps within a feasible timeline, and regular meetings to track progress

Personnel

  • Security Consultant(s), billed 5 full days per week for the engagement
  • One or more HanaByte Security Consultants may travel to your organization’s site to conduct hands-on assessment and workshops
  • Expected turnaround time for the full CMMC launch engagement is 3-4 months, depending on the Maturity Level required
  • Gap assessment and workshops may be conducted concurrently for a reduced turnaround time when multiple HanaByte Security Consultants are assigned

Customer Responsibilities

  • Provide access to related documentation and in-scope systems